Django: DeleteView + HttpResponseNotAllowed

Question

I found this DeleteView. Anyone can tell me what return HttpResponseNotAllowed(['POST'])is for? Should I add it to my own DeleteView as well?

class DiscountDelete(AdminPermissionRequiredMixin, DeleteView):
    model = Discount

    def get(self, *args, **kwargs):
        return HttpResponseNotAllowed(['POST'])

Answer 1

With Django's class based views you can define a class variable for this;

class DiscountDelete(AdminPermissionRequiredMixin, DeleteView):
    model = Discount
    http_method_names = ['post']

Then if that view receives a get request it'll send back the 405 you're looking for.

Docs on this are here; https://docs.djangoproject.com/en/2.1/ref/class-based-views/base/#django.views.generic.base.View.http_method_names

Answer 2

With the usual delete view, when you do a GET request you get a confirmation page. Then when you submit the form with a POST request, the object is deleted.

The custom get() method is disabling GET requests. Perhaps it's not needed, because the delete requests are submitted from a different view (e.g. a list view).

We can't tell whether or not you should add this functionality to your delete view. It's up to you.